Use a Raspberry Pi to provide Dynamic DNS to your home network via Cloudflare

I have a home network that I routinely have need to access from remote locations. Up until now, I’ve just made do, by waiting to handle the tasks when I’m at home, or by physically going home in order to access the network.

The reason that accessing your home network from anywhere outside the home is problematic is because you most likely don’t have a static IP address from your ISP. That means that your IP address of your modem changes frequently, so if you want to even begin to access your home network from a distance, you need to know the address to reach it. When it changes all the time, that can be a problem. That’s where dynamic DNS comes in.

Dynamic DNS is a service that allows you to channel your ever-changing IP address to a static domain name. The idea is that even though your IP address changes all the time, you can enter a given domain name and that will point you to the correct IP address. When your IP address changes, you update the DNS for the domain name and it still gets you to your home network.

In order to get Dynamic DNS up and running, you need a few things:

  1. A computer that is running all the time
  2. A domain name that you can update

That’s about it. In my case, I have a Raspberry Pi at home that was just desperate to be useful, so that fit the bill really well. I also have countless domain names, so I just needed to choose the most appropriate one for my use case. You don’t technically need your own domain name, since some Dynamic DNS services (including some free ones) allow you to use one of theirs (e.g. yoursubdomain.dynamicdnscompany.com), but that’s what I have and what these instructions are based on.

Setting up Cloudflare correctly

If you don’t already have your domains running through Cloudflare, you’ll have to sign up for an account (it’s free) and change your nameservers to point to Cloudflare, allowing you to manage your DNS at Cloudflare.

Once you’ve done that, you’ll need to grab an API key, allowing you to make changes to your Cloudflare DNS zones. You can do that from the My Account page. You can just use the Global API key, but if you want to lock down the permissions a bit more, you can create a new API key which only allows certain access to your account.

Lastly, you’ll need to choose a subdomain (or domain: it doesn’t have to be a subdomain technically) that will be your Dynamic DNS address. So, you might choose something like home.myfamily.network if you own the myfamily.network TLD. Now you need to create an A record for this domain/subdomain. It’s helps with troubleshooting if for now you point it to something arbitrary like 1.2.3.4. That will help you to know that the A record is working correctly and to know when it has been updated correctly to whatever your IP address is.

It’s important to not proxy the DNS. Unless you have a paid Cloudflare which can do port forwarding over proxied domains, you won’t be able to do port forwarding if you proxy the domain, which means you’ll lose most of the purpose of using Dynamic DNS to begin with. This does have the downside of exposing your home IP address, but unless you’re willing to fork out for a paid Cloudflare account, it’s the way it has to be.

Once the record is saved, you can use a tool like What’s My DNS? to check what A records are being reported for your domain, so that you can confirm that everything you’ve done thus far has been correct (it should say 1.2.3.4 or whatever you chose when setting the A record).

Installing and configuring ddclient

ddclient is a package for managing dynamic DNS. It has a package available on Raspbian, and since version 3.9, it also supports using Cloudflare for managing the DNS. However, the Raspbian package is only at version 3.8.3, so we need to manually update it to 3.9.1 (latest package available as of time of publication).

sudo apt-get update 
sudo apt-get install ddclient libjson-any-perl
cd ~
wget http://downloads.sourceforge.net/projects/ddclient/ddclient/ddclient-3.9.1.tar.gz
tar -zxvf ddclient-3.9.1.tar.gz
sudo cp -f ddclient-3.9.1/ddclient /usr/sbin/ddclient

Now we need to move the configuration file and edit it:

sudo mkdir /etc/ddclient 
sudo mv /etc/ddclient.conf /etc/ddclient
sudo nano /etc/ddclient/ddclient.conf

Here’s what you need to copy into your ddclient.conf file:

daemon=600
syslog=yes
use=web, web=checkip.dyndns.com, web-skip='IP Address'
ssl=yes
protocol=cloudflare
ttl=1
[email protected]
password=76d8c8b0ca97e6314e97b020fc0013795aee
zone=zone.tld
subdomain.zone.tld

And here’s what it all means:

  • daemon says how frequently the ddclient daemon will run
  • syslog says that we’ll write records to the syslog
  • use=web and the accompanying commands says how we’re going to check our current IP address
  • ssl says that we’re going to communicate via SSL for security
  • protocol says that we’re going to use cloudflare
  • ttl=1 says what TTL we want on our A record
  • login is the email address that you use to log in to Cloudflare
  • password is the Cloudflare API key that you obtained earlier
  • zone is the TLD that you manage in Cloudflare
  • subdomain.zone.tld is the subdomain that you’re using for Dynamic DNS. If you’re using the TLD itself (rather than a subdomain), you can just enter the TLD here again

Run ddclient as a daemon

Now we want to run ddclient as a daemon:

sudo nano /etc/default/ddclient

Make sure that the following lines have the following values:

run_daemon="true"
run_dhclient="false"
run_ipup="false"

Now we can start the daemon and check that it’s working correctly:

sudo service ddclient start
sudo service ddclient status

Now you can issue the command to check your DNS and update it:

sudo ddclient -daemon=0 -debug -verbose -noquiet

This will give a verbose output of everything that ddclient is doing. if it ends with a line that says SUCCESS, then it should have run successfully and checking the A records of your subdomain at What’s My DNS? again should show that the A record has changed from 1.2.3.4 to your actual IP address. If it doesn’t say SUCCESS, then the output should give you some clues as to what the issue is.

Run ddclient on a cron job

To ensure that ddclient continues to operate on a regular schedule, I also set it up on a cronjob. I edited the root crontab and added the following line to ensure that it runs at least once an hour.

34 * * * * /usr/sbin/ddclient --force

By Dave

Dave is the proud father of Ellie and Jack. There's nothing that makes him happier than spending time with his incredible wife and their amazing children. He's a civil/mechanical engineer and he also builds and maintains WordPress websites.

Leave a Reply